


Security Without Compromise


INTRODUCTION

Enterprises have rapidly incorporated cloud computing over the last decade. Private cloud infrastructure (including virtualization and software-defined networking) is in the process of transforming on-premise data centers, which host the majority of enterprise server workloads around the world. At the same time, enterprises are embracing public clouds at an unprecedented rate, with most connecting back to on-premise environments in a true hybrid cloud.

But the problem of ever-evolving persistent threats makes protection of end-users and sensitive data an increasingly urgent concern, considering that accelerated infrastructural changes might expose new defensive gaps.

As today’s enterprise data centers evolve from static internal environments to a mix of private, public, and hybrid clouds, organizations need to augment traditional firewalls and security appliances (deployed for north-south traffic at the network edge) with expanded protection for east-west traffic, both within internal networks and across clouds.

01 STRETCHING BEYOND STATIC SECURITY

Cloud computing really encompasses a number of different deployment methodologies and approaches that complement each other. But despite the disparate types of deployments, they share common characteristics and benefits that define the very notion of cloud computing:

• Elastic capacity and scale
• Agile provisioning and deployment
• On-demand consumption and pricing

To maintain a strong security posture in private, public, and hybrid clouds, organizations need to increase security to keep pace with these more dynamic and fast-paced environments. There are two specific areas that require additional attention to protect critical assets and users from outside threats.

SCALING PROTECTION

Cloud computing enables rapid development and delivery of highly scalable applications. But this capability isn’t worth much if an organization can’t maintain the trust of users by ensuring confidentiality and data privacy at the same time.

Security needs elasticity to scale with the cloud infrastructure itself and to provide transparent protection without slowing down the business. As applications spin up and down with user demand in both private and public clouds, appropriate security rules should be automatically provisioned to new virtual machine instances.

SEGMENTATION

With the IT efficiencies gained by pooling resources (e.g., compute, storage, network) through technologies such as virtualization and software-defined networking (SDN), cloud environments have become increasingly aggregated, to the point where entire data centers can be consolidated. The mix of data center traffic has shifted from north-south to east-west as these software-defined environments continually optimize underlying hardware utilization and efficiency on flatter scale-out architectures.

If a hacker or advanced threat breaches the cloud perimeter via a single vulnerable application, however, there’s typically little to protect critical assets within the flat and open internal network. To minimize that serious potential for damage and loss, organizations need to isolate business units and applications. Networks need to be intelligently segmented into functional security zones to control east-west traffic.

02 NEW DEFENSES FOR CLOUD ENVIRONMENTS

In terms of elastic security, today’s cloud environments require physical firewalls that provide highly scalable north-south data center firewall and network security protection at the edge of the private cloud. They also need virtual firewalls that provide north-south protection for public clouds. High-performance firewalls and network security appliances need to scale vertically to meet volume and performance demands, as well as lateral scalability to seamlessly track and secure data from IoT/endpoints, across the distributed network/data center, and into the cloud.

• Private cloud - scaling protection automates service insertion and chaining of security appliances in virtual and software-defined networks, while auto-provisioning firewall and security rules to new web and app instances.
• Public cloud - scaling protection auto-scales network security capacity with elastic workloads. It also auto-provisions firewall and security rules to new web and app instances.
• Hybrid cloud - scaling protection provides site-to-site VPN connectivity to migrate workloads to provider clouds, as well as remote VPN access to administer workloads in the cloud.

End-to-end segmentation provides deep visibility into traffic that moves east-west across the distributed network, limits the spread of malware, and allows for the identification and quarantining of infected devices.

A robust end-to-end segmentation strategy includes internal segmentation firewalling across data centers, campuses, and branch offices. Organizations should also consider an even finer micro-segmentation strategy—firewalling workloads regardless of physical network topology, down to a single virtual workload.

Additional layers of protection are critical within hybrid cloud environments, considering the increasingly porous nature of network perimeters.

• Private cloud - segmentation isolates applications and data in increasingly consolidated environments.
• Public cloud - segmentation isolates applications and workloads while ensuring privacy and compliance in hosted provider environments.
• Hybrid cloud - segmentation targets the persistent connections between private and public clouds and inspects the traffic between the two. It employs end-to-end segmentation, especially between private cloud, campus, and branch offices.

It’s not enough to detect bad traffic or block malware using discrete security devices. Security should be integrated into SIEM and other analytics in private and public clouds, with the ability to orchestrate changes to security policy/posture automatically in response to incidents and events. The individual elements need to work together as an integrated security system with true visibility and control.

Solutions should also be built on an extensible platform with programmatic APIs (REST and JSON) and other interfaces to integrate with hypervisors, SDN controllers, cloud management, orchestration tools, and software-defined data centers and clouds. This enables security that dynamically adapts to the evolving network architecture and the changing threat landscape. The underlying security infrastructure should offer automatic awareness of dynamic changes in the cloud environment to provide seamless protection.

03 HOW TO CHOOSE A CLOUD SECURITY SOLUTION

When evaluating a security solution, there are a few general questions to start with.

• Is it aware? You need to not only track how data flows in and out of your network, but also how it moves within the perimeter and who has access to it.
• Is it scalable? A comprehensive security strategy must be elastic in both depth (performance and deep inspection) and breadth (end-to-end).
• Is it really secure? The different tools that protect your network need to work together as an integrated system with visibility and control.
• Is it actionable? You need a common set of threat intelligence and centralized orchestration that allows security to dynamically adapt as new threats are discovered.
• How open is it? Well-defined, open APIs allow technology partners to become part of the fabric—helping to maximize investments while dynamically adapting to changes.

Other specific features to look for might include:

• Software-defined Security: Look for a unified security platform with a single OS to enable orchestration and automation across physical, virtual, and cloud-based security.
• Integration: Solutions should integrate with VMware vSphere and NSX environments as well as public cloud environments like AWS and Azure to provide on-demand provisioning, pay-as-you-go pricing, elastic auto-scaling, and unified analytics that enhance protection and visibility.
• Single-Pane-of-Glass Visibility and Control: Your security solution should include centralized management with a consolidated view of policies and events—regardless of physical, virtual, or cloud infrastructure.

CONCLUSION

The evolving enterprise network combined with the transition to a digital business model present some of the biggest current challenges to network security. Rapid adoption of private, public, and hybrid clouds is driving the evolution of cloud security.

The next generation of agile and elastic security solutions must transcend the static nature of their forebears to fundamentally scale protection while providing segmentation within and across cloud environments—helping organizations embrace the benefits of an evolving infrastructure while anticipating the attack vectors of current and emerging threats.

Copyright © 2016 Fortinet, Inc. All rights reserved.